<?php 
session_start();
ob_start();
?>
<?php
header("Expires: Mon, 26 Jul 1997 05:00:00 GMT"); // Date in the past
header("Last-Modified: " . gmdate("D, d M Y H:i:s") . " GMT"); // Always modified
header("Cache-Control: private, no-store, no-cache, must-revalidate"); // HTTP/1.1 
header("Cache-Control: post-check=0, pre-check=0", false);
header("Pragma: no-cache"); // HTTP/1.0
?>
<?php include ("ewconfig.php") ?>
<?php include ("db.php") ?>
<?php include ("userinfo.php") ?>
<?php include ("advsecu.php") ?>
<?php include ("phpmkrfn.php") ?>
<?php include ("ewupload.php") ?>
<?php

// Initialize common variables
$x_id = NULL;
$ox_id = NULL;
$z_id = NULL;
$ar_x_id = NULL;
$ari_x_id = NULL;
$x_idList = NULL;
$x_idChk = NULL;
$cbo_x_id_js = NULL;
$x_status = NULL;
$ox_status = NULL;
$z_status = NULL;
$ar_x_status = NULL;
$ari_x_status = NULL;
$x_statusList = NULL;
$x_statusChk = NULL;
$cbo_x_status_js = NULL;
$x_name = NULL;
$ox_name = NULL;
$z_name = NULL;
$ar_x_name = NULL;
$ari_x_name = NULL;
$x_nameList = NULL;
$x_nameChk = NULL;
$cbo_x_name_js = NULL;
$x_username = NULL;
$ox_username = NULL;
$z_username = NULL;
$ar_x_username = NULL;
$ari_x_username = NULL;
$x_usernameList = NULL;
$x_usernameChk = NULL;
$cbo_x_username_js = NULL;
$x_password = NULL;
$ox_password = NULL;
$z_password = NULL;

$old_password = NULL;
$oold_password = NULL;
$zold_password = NULL;

$ar_x_password = NULL;
$ari_x_password = NULL;
$x_passwordList = NULL;
$x_passwordChk = NULL;
$cbo_x_password_js = NULL;
$x_email = NULL;
$ox_email = NULL;
$z_email = NULL;
$ar_x_email = NULL;
$ari_x_email = NULL;
$x_emailList = NULL;
$x_emailChk = NULL;
$cbo_x_email_js = NULL;
$x_user_level_id = NULL;
$ox_user_level_id = NULL;
$z_user_level_id = NULL;
$ar_x_user_level_id = NULL;
$ari_x_user_level_id = NULL;
$x_user_level_idList = NULL;
$x_user_level_idChk = NULL;
$cbo_x_user_level_id_js = NULL;
$x_is_superadmin = NULL;
$ox_is_superadmin = NULL;
$z_is_superadmin = NULL;
$ar_x_is_superadmin = NULL;
$ari_x_is_superadmin = NULL;
$x_is_superadminList = NULL;
$x_is_superadminChk = NULL;
$cbo_x_is_superadmin_js = NULL;
$x_created_date = NULL;
$ox_created_date = NULL;
$z_created_date = NULL;
$ar_x_created_date = NULL;
$ari_x_created_date = NULL;
$x_created_dateList = NULL;
$x_created_dateChk = NULL;
$cbo_x_created_date_js = NULL;
$x_updated_date = NULL;
$ox_updated_date = NULL;
$z_updated_date = NULL;
$ar_x_updated_date = NULL;
$ari_x_updated_date = NULL;
$x_updated_dateList = NULL;
$x_updated_dateChk = NULL;
$cbo_x_updated_date_js = NULL;
?>
<?php

// Load key from QueryString
$x_id = @$_GET["id"];

// Get action
$sAction = @$_POST["a_edit"];
if ($sAction == "") {
	$sAction = "I";	// Display record	
} else {

	// Get fields from form
	$x_id = @$_POST["x_id"];
	$x_status = @$_POST["x_status"];
	$x_name = @$_POST["x_name"];
	$x_username = @$_POST["x_username"];
	$x_password = @$_POST["x_password"];
	$x_email = @$_POST["x_email"];
	$x_user_level_id = @$_POST["x_user_level_id"];
	$x_is_superadmin = @$_POST["x_is_superadmin"];
	$x_created_date = @$_POST["x_created_date"];
	$x_updated_date = @$_POST["x_updated_date"];
}
if (($x_id == "") || (is_null($x_id))) {
	ob_end_clean();
	switch($_SESSION["session_cms_mode"]){
		case "edit":
			header("Location: userview.php?id=". $_SESSION["session_cms_id"] . "&mode=" . $_SESSION["session_cms_mode"]);
		break;
		default:
			header("Location: userlist.php");
		break;
	}		
	exit();
}
$conn = phpmkr_db_connect(HOST, USER, PASS, DB, PORT);
switch ($sAction) {
	case "I": // Display record
		if (!LoadData($conn)) { // Load record
			$_SESSION[ewSessionMessage] = "Data Tidak Ada";
			phpmkr_db_close($conn);
			ob_end_clean();
	switch($_SESSION["session_cms_mode"]){
		case "edit":
			header("Location: userview.php?id=". $_SESSION["session_cms_id"] . "&mode=" . $_SESSION["session_cms_mode"]);
		break;
		default:
			header("Location: userlist.php");
		break;
	}	
			exit();
		}
		break;
	case "U": // Update
		if (EditData($conn)) { // Update record
			$_SESSION[ewSessionMessage] = "Data Berhasil Dirubah";
			phpmkr_db_close($conn);
			ob_end_clean();
			switch($_SESSION["session_cms_mode"]){
				case "edit":
					header("Location: userview.php?id=". $_SESSION["session_cms_id"] . "&mode=" . $_SESSION["session_cms_mode"]);
				break;
				default:
					header("Location: userlist.php");
				break;
			}	
			exit();
		}
		break;
}
?>
<?php include ("header.php") ?>
<script type="text/javascript">
<!--
EW_LookupFn = "ewlookup.php"; // ewlookup file name
EW_AddOptFn = "ewaddopt.php"; // ewaddopt.php file name

//-->
</script>
<script type="text/javascript" src="ewp.js"></script>
<script type="text/javascript">
<!--
EW_dateSep = "-"; // set date separator
EW_UploadAllowedFileExt = "gif,jpg,jpeg,bmp,png,swf,flv,zip,mp4"; // allowed upload file extension

//-->
</script>
<script type="text/javascript">
<!--
function EW_checkMyForm(EW_this) {
if (EW_this.x_status && !EW_hasValue(EW_this.x_status, "RADIO")) {
	if (!EW_onError(EW_this, EW_this.x_status, "RADIO", "Please enter required field - status"))
		return false;
}
if (EW_this.x_name && !EW_hasValue(EW_this.x_name, "TEXT")) {
	if (!EW_onError(EW_this, EW_this.x_name, "TEXT", "Please enter required field - name"))
		return false;
}
if (EW_this.x_username && !EW_hasValue(EW_this.x_username, "TEXT")) {
	if (!EW_onError(EW_this, EW_this.x_username, "TEXT", "Please enter required field - username"))
		return false;
}
if (EW_this.x_password && !EW_hasValue(EW_this.x_password, "PASSWORD")) {
	if (!EW_onError(EW_this, EW_this.x_password, "PASSWORD", "Please enter required field - password"))
		return false;
}
if (EW_this.x_email && !EW_hasValue(EW_this.x_email, "TEXT")) {
	if (!EW_onError(EW_this, EW_this.x_email, "TEXT", "Please enter required field - email"))
		return false;
}
if (EW_this.x_email && !EW_checkemail(EW_this.x_email.value)) {
	if (!EW_onError(EW_this, EW_this.x_email, "TEXT", "Incorrect email - email"))
		return false; 
}
if (EW_this.x_user_level_id && !EW_hasValue(EW_this.x_user_level_id, "SELECT")) {
	if (!EW_onError(EW_this, EW_this.x_user_level_id, "SELECT", "Please enter required field - user level"))
		return false;
}
return true;
}

//-->
</script>
<script type="text/javascript">
<!--
	var EW_DHTMLEditors = [];

//-->
</script>
<table width="100%" border="0" cellspacing="0" cellpadding="0">
  <tr>
    <td class="admin_td_title">
		<table width="100%" border="0" cellspacing="0" cellpadding="0">
		  <tr>
			<td class="admin_title"><?=str_replace(","," &gt; ",$_SESSION['session_cms_title'])?> &raquo; Edit &nbsp;</td>
		   </tr>
		 </table>
 	</td>
  </tr>
</table>
<?php
	switch($_SESSION["session_cms_mode"]){
		case "edit":
			echo "<br><a href='userview.php' class='button-modify'>View</a><br />";
		break;
		default:
			echo "<br><a href='userlist.php' class='button-modify'>Back to List</a><br />";
		break;
	}
?>
<form name="fuseredit" id="fuseredit" action="useredit.php" method="post" onSubmit="return EW_checkMyForm(this);">
<p>
	<input type="hidden" name="a_edit" value="U">
<?php
if (@$_SESSION[ewSessionMessage] <> "") {
?>
<p><span class="ewmsg"><?php echo $_SESSION[ewSessionMessage]; ?></span></p>
<?php
	$_SESSION[ewSessionMessage] = ""; // Clear message
}
?>
	<table class="ewTable">
<input type="hidden" id="x_id" name="x_id" value="<?php echo @$x_id; ?>">
		<tr>
			<td class="ewTableHeader"><span>status<span class='ewmsg'>&nbsp;*</span></span></td>
			<td class="ewTableAltRow"><span id="cb_x_status">
<?php echo RenderControl(1, 0, 5, 1); ?>
<input type="radio" name="x_status"<?php if (@$x_status == "A") { ?> checked<?php } ?> value="<?php echo htmlspecialchars("A"); ?>">
<?php echo get_icon_status("A"); ?>
<?php echo RenderControl(1, 0, 5, 2); ?>
<?php echo RenderControl(1, 1, 5, 1); ?>
<input type="radio" name="x_status"<?php if (@$x_status == "I") { ?> checked<?php } ?> value="<?php echo htmlspecialchars("I"); ?>">
<?php echo get_icon_status("I"); ?>
<?php echo RenderControl(1, 1, 5, 2); ?>
</span></td>
		</tr>
		<tr>
			<td class="ewTableHeader"><span>name<span class='ewmsg'>&nbsp;*</span></span></td>
			<td class="ewTableAltRow"><span id="cb_x_name">
<input type="text" name="x_name" id="x_name" size="60" maxlength="255" value="<?php echo htmlspecialchars(@$x_name) ?>">
</span></td>
		</tr>
		<tr>
			<td class="ewTableHeader"><span>username<span class='ewmsg'>&nbsp;*</span></span></td>
			<td class="ewTableAltRow"><span id="cb_x_username">
<input type="text" name="x_username" id="x_username" size="30" maxlength="255" value="<?php echo htmlspecialchars(@$x_username) ?>">
</span></td>
		</tr>
		<tr>
			<td class="ewTableHeader"><span>password<span class='ewmsg'>&nbsp;*</span></span></td>
			<td class="ewTableAltRow"><span id="cb_x_password">
<input type="password" name="x_password" value="<?php echo $x_password; ?>" size="30" maxlength="255">
</span></td>
		</tr>
		<tr>
			<td class="ewTableHeader"><span>email<span class='ewmsg'>&nbsp;*</span></span></td>
			<td class="ewTableAltRow"><span id="cb_x_email">
<input type="text" name="x_email" id="x_email" size="30" maxlength="255" value="<?php echo htmlspecialchars(@$x_email) ?>">
</span></td>
		</tr>
		<tr>
			<td class="ewTableHeader"><span>user level<span class='ewmsg'>&nbsp;*</span></span></td>
			<td class="ewTableAltRow"><span id="cb_x_user_level_id">
<?php
$x_user_level_idList = "<select id='x_user_level_id' name='x_user_level_id'>";
$x_user_level_idList .= "<option value=''>Please Select</option>";
$sSqlWrk = "SELECT `id`, `name` FROM `user_level`";
$sSqlWrk .= " ORDER BY `name` Asc";
$rswrk = phpmkr_query($sSqlWrk,$conn) or die("Failed to execute query at line " . __LINE__ . ": " . phpmkr_error($conn) . '<br>SQL:' . $sSqlWrk);
if ($rswrk) {
	$rowcntwrk = 0;
	while ($datawrk = phpmkr_fetch_array($rswrk)) {
		$x_user_level_idList .= "<option value=\"" . htmlspecialchars($datawrk[0]) . "\"";
		if ($datawrk["id"] == @$x_user_level_id) {
			$x_user_level_idList .= " selected";
		}
		$x_user_level_idList .= ">" . $datawrk["name"] . "</option>";
		$rowcntwrk++;
	}
}
@phpmkr_free_result($rswrk);
$x_user_level_idList .= "</select>";
echo $x_user_level_idList;
?>
</span></td>
		</tr>
		<tr>
			<td class="ewTableHeader"><span>is superadmin?<span class='ewmsg'>&nbsp;*</span></span></td>
			<td class="ewTableAltRow"><span id="cb_x_is_superadmin">
<?php 
$ar_x_is_superadmin = explode(",",@$x_is_superadmin);
$x_is_superadminChk = "";
$x_is_superadminChk .=  RenderControl(0, 0, 5, 1) .  "<input type=\"checkbox\" name=\"x_is_superadmin[]\" value=\"1\"";
foreach ($ar_x_is_superadmin as $cnt_x_is_superadmin) {
	if (trim($cnt_x_is_superadmin) == "1") {
		$x_is_superadminChk .= " checked";
		break;
	}
}
	$x_is_superadminChk .= ">" . "Yes" . RenderControl(0, 0, 5, 2);
echo $x_is_superadminChk;
?>
</span></td>
		</tr>
<input type="hidden" id="x_updated_date" name="x_updated_date" value="<?php echo date('Y-m-d h:i:s'); ?>">
	</table>
	<p>
	<input type="submit" name="btnAction" id="btnAction" value="SAVE">
	<input type="button" name="btnCancel" id="btnCancel" value="CANCEL" onclick="javascript:history.back(-1)" />
</form>
<?php include ("footer.php") ?>
<?php
phpmkr_db_close($conn);
?>
<?php

//-------------------------------------------------------------------------------
// Function LoadData
// - Variables setup: field variables

function LoadData($conn)
{
	global $x_id;
	$sFilter = ewSqlKeyWhere;
	if (!is_numeric($x_id)) return false;
	$x_id =  (get_magic_quotes_gpc()) ? stripslashes($x_id) : $x_id;
	$sFilter = str_replace("@id", AdjustSql($x_id), $sFilter); // Replace key value
	$sSql = ewBuildSql(ewSqlSelect, ewSqlWhere, ewSqlGroupBy, ewSqlHaving, ewSqlOrderBy, $sFilter, "");
	$rs = phpmkr_query($sSql,$conn) or die("Failed to execute query at line " . __LINE__ . ": " . phpmkr_error($conn) . '<br>SQL: ' . $sSql);
	if (phpmkr_num_rows($rs) == 0) {
		$bLoadData = false;
	} else {
		$bLoadData = true;
		$row = phpmkr_fetch_array($rs);

		// Get the field contents
		$GLOBALS["x_id"] = $row["id"];
		$GLOBALS["x_status"] = $row["status"];
		$GLOBALS["x_name"] = $row["name"];
		$GLOBALS["x_username"] = $row["username"];
		$GLOBALS["x_password"] = $row["password"];
		$GLOBALS["x_email"] = $row["email"];
		$GLOBALS["x_user_level_id"] = $row["user_level_id"];
		$GLOBALS["x_is_superadmin"] = $row["is_superadmin"];
		$GLOBALS["x_created_date"] = $row["created_date"];
		$GLOBALS["x_updated_date"] = $row["updated_date"];
		
	}
	phpmkr_free_result($rs);
	return $bLoadData;
}
?>
<?php

//-------------------------------------------------------------------------------
// Function EditData
// - Variables used: field variables

function EditData($conn)
{
	global $x_id;
	$sFilter = ewSqlKeyWhere;
	if (!is_numeric($x_id)) return false;
	$sTmp =  (get_magic_quotes_gpc()) ? stripslashes($x_id) : $x_id;
	$sFilter = str_replace("@id", AdjustSql($sTmp), $sFilter); // Replace key value
	$sSql = ewBuildSql(ewSqlSelect, ewSqlWhere, ewSqlGroupBy, ewSqlHaving, ewSqlOrderBy, $sFilter, "");
	$rs = phpmkr_query($sSql,$conn) or die("Failed to execute query at line " . __LINE__ . ": " . phpmkr_error($conn) . '<br>SQL: ' . $sSql);

	// Get old recordset
	$oldrs = phpmkr_fetch_array($rs);
	if (phpmkr_num_rows($rs) == 0) {
		return false; // Update Failed
	} else {
		$x_id = @$_POST["x_id"];
		$x_status = @$_POST["x_status"];
		$x_name = @$_POST["x_name"];
		$x_username = @$_POST["x_username"];
		$x_password = @$_POST["x_password"];
		$x_email = @$_POST["x_email"];
		$x_user_level_id = @$_POST["x_user_level_id"];
		$x_is_superadmin = @$_POST["x_is_superadmin"];
		$x_updated_date = @$_POST["x_updated_date"];
		$theValue = (!get_magic_quotes_gpc()) ? addslashes($GLOBALS["x_status"]) : $GLOBALS["x_status"]; 
		$theValue = ($theValue != "") ? " '" . $theValue . "'" : "NULL";
		$fieldList["`status`"] = $theValue;
		$theValue = (!get_magic_quotes_gpc()) ? addslashes($GLOBALS["x_name"]) : $GLOBALS["x_name"]; 
		$theValue = ($theValue != "") ? " '" . $theValue . "'" : "NULL";
		$fieldList["`name`"] = $theValue;
		$theValue = (!get_magic_quotes_gpc()) ? addslashes($GLOBALS["x_username"]) : $GLOBALS["x_username"]; 
		$theValue = ($theValue != "") ? " '" . $theValue . "'" : "NULL";
		$fieldList["`username`"] = $theValue;
		
		
		$theValue = (!get_magic_quotes_gpc()) ? addslashes($GLOBALS["x_password"]) : $GLOBALS["x_password"]; 
		$theValue = ($theValue != "") ?  $theValue : "NULL";
		$theValue = ($theValue == $oldrs['password']) ? " '" . $theValue . "'" : " '".generateHash($theValue)."'";
		$fieldList["`password`"] = $theValue ;
		
		
		$theValue = (!get_magic_quotes_gpc()) ? addslashes($GLOBALS["x_email"]) : $GLOBALS["x_email"]; 
		$theValue = ($theValue != "") ? " '" . $theValue . "'" : "NULL";
		$fieldList["`email`"] = $theValue;
		$theValue = ($GLOBALS["x_user_level_id"] != "") ? intval($GLOBALS["x_user_level_id"]) : "NULL";
		$fieldList["`user_level_id`"] = $theValue;
		$theValue = $GLOBALS["x_is_superadmin"][0];
		$theValue = ($theValue != "") ? intval($theValue) : "NULL";
		$fieldList["`is_superadmin`"] = $theValue;
		$theValue = ($GLOBALS["x_updated_date"] != "") ? " '" . ConvertDateToMysqlFormat($GLOBALS["x_updated_date"]) . "'" : "Null";
		$fieldList["`updated_date`"] = $theValue;

		// Updating event
		if (Recordset_Updating($fieldList, $oldrs)) {

			// Update
			$sSql = "UPDATE `user` SET ";
			foreach ($fieldList as $key=>$temp) {
				$sSql .= "$key = $temp, ";
			}
			if (substr($sSql, -2) == ", ") {
				$sSql = substr($sSql, 0, strlen($sSql)-2);
			}
			$sSql .= " WHERE " . $sFilter;
			phpmkr_query($sSql,$conn) or die("Failed to execute query at line " . __LINE__ . ": " . phpmkr_error($conn) . '<br>SQL: ' . $sSql);
			$result = (phpmkr_affected_rows($conn) >= 0);

			// Updated event
			if ($result) Recordset_Updated($fieldList, $oldrs);
		} else {
			$result = false; // Update Failed
		}
	}
	return $result;
}

// Updating Event
function Recordset_Updating(&$newrs, $oldrs)
{

	// Enter your customized codes here
	return true;
}

// Updated event
function Recordset_Updated($newrs, $oldrs)
{
	$table = "user";
}
?>
